I was looking at one vendor, and they recommended using SOCKS5 and a VPN at the same time. Their reasons are:
Increased security with SOCKS5 proxy. With the SOCKS5 proxy, you can further minimize your computer’s identity from being revealed. This simple yet powerful feature also reduces CAPTCHAs.
SOCKS5 proxies have multiple uses, including
- improving the killswitch
- making it more difficult to detect OpenVPN usage
- reducing the amount of CAPTCHAs.
I guess those things are all good, but does it really matter? I don’t see why a SOCKS5 proxy is less detectable than OpenVPN or why it would reduce the number of CAPTCHAs.
Socks5 is an Application Tunnel and VPN is a connection tunnel; MITM protection is applied per respective tunnel type. So socks5 is not a full tunnel especially regarding inbound traffic.
A SOCKS5 proxy allows your internet traffic to pass through a SOCKS server. This generates a new IP, making you look like you’re originating there. Same goes for VPN. This happens because of NAT (Network Address Translation), and in the case of VPNs also because of extra filters they use. However NAT is a feature of IPV4.
Meaning socks5 may very well be useless on IPV6 except to bypass firewalls. To maximize socks5 benefit only enable IPV4. Keep in mind socks5 encryption is weak. NAT btw also works with HTTPS. How VPN’s filter HTTPS on IPV6 traffic to exclude your IP I do not know. Possibly IPV6 leak prevention may only apply to non-encrypted protocols.
So the benefit of using socks5 within a VPN is that any IP leak will instead leak the socks5 IP. That is to say that under normal conditions the IP seen will be that of the VPN, and when a leak occurs will be that of socks5; should be. If your IP does not leak, you are difficult to target; like firing a gun at air.
Any protocol that an app uses will be transmitted over socks5 if a socks5 proxy is used and enabled. Obviously HTTPS proxy is more secure. What your computer does and what you browse is far more protected by HTTPS proxy than socks5, but HTTPS gives you at MITM protection from HTTP/HTTPS traffic assuming you are using the windows built-in proxy feature.
Most application traffic is HTTP/HTTPS so in a way MITM protection is similar to socks5, but not by design; by design socks5 is better because it supports all protocols, and by design VPN is the best because it doesn’t just tunnel application data, but all tcp/ip data. Catchas will not be reduced by combination because source ip will be that of VPN and you are probably using one without a dedicated or static IP.
I hope you learned something.
If you could layer them like that then the VPN would only see the proxy and the proxy would only see the VPN so neither would know what you are doing.
I use SOCKS through a VPN, but that’s only because I am too lazy to lock down authentication on the SOCKS servers, and because my VPS has 5x IP addresses and I use different socks daemons on 5x ports to route outbound traffic through each specific IP depending one which SOCKS client-facing port the app is configured to use
Maybe they are thinking of using the VPN for one geographic area and the proxy for another?
Isn’t SOCKS5 just a proxy I asked nordvpn a while ago if it was safe to just use SOCKS5 and they said it was unsecure and recommended to use the vpn I was having an issue with speed on a certain application at the time.
Using a SOCKS5 proxy and vpn at the same time might be like using douple vpn nordvpn offers this feature.
I dont no how it could improve the killswitch you would think if you get disconnected from your vpn you would also get disconnected from your proxy and most torrent clients have a feature to only use your vpn connection like utorrent and qbittorrent.
Can’t it help prevent DNS leaks?
Frankly speaking, using Socks5 proxies with VPN will make your connection a bit more secure since the VPN encrypts the transmitted information and Socks5 does not. The price to pay for this is speed, as the use of both will definitely slow it down.
IMHO, there is not much added benefit in using both but you compromise the speed significantly.
I would recommend choosing one or the other based on the use case instead of trying to use both simultaneously.
VPN is good to (1) Secure personal information, (2) Privacy/Anonymity, (3)
Secure corporate information, (4) Bypass censorship
Proxies are good for (1)
General Cybersecurity, (2) Accessing GEO-restricted content, (3) Web Scraping (Data Collection), (4) Blocking access to specific resources.
Captchas will occur on either socks or VPN depending on whether the socks “proxy” is a known malicious instigator.
Furthermore, socks can be used on the internet facing side of the tunnel, not just the localhost facing side. And you can make socks on both ends, with the VPN in between, if necessary
What’s the benefit to that arrangement? Easier to see which app is taking up traffic on each port/ip?
How did you set something like this up?
I don’t remember which of the two I was running at the time, it can be done with really any Layer 2 or 3 VPN, I’ve done it with tinc and Wireguard in the past.
Basically, you sent up your VPN on both your remote server/VPS and your local PC, give each end an IP address on a private subnet (say, give your remote server the IP 10.100.100.1 and your PC end as 10.100.100.2. You can pick a subnet mask as small as 255.255.255.254, but you may was well just do 255.255.255.0)
Then setup a socks server (I used dante, which I think is the most established socks server) on your remote VPS and have it set to only listen to connections on the IP 10.100.100.1 from your subnet. You really don’t have to worry about figuring out Dante’s authentication settings because connections will only be allowed from that subnet anyways.
If you use Dante, there are a few things you have to configure to allow traffic to be proxied from the 10.100.100.1/24 network you created for the VPN and the outside internet, it is only 4 lines or so but I remember it took me some trial+error to format it right
I found this example of Dante’s config for VPN on my hard drive, I don’t remember if the syntax is still valid,
86.75.30.9 would be the VPS IP
10.100.100.1 would be the VPN’s internal IP on the VPS
Port 12221 would be the port you connect to for socks://10.100.100.1:12221